Fwd: Re: [Openswan Users] please help, im new in this

victor nikiforenko victorfrankenstein at yahoo.com
Sat Mar 4 15:17:56 CET 2006 

Thakyou very much for you request,


My linux-box is fedora core 3 and i install
openswan-2.4.4-1.i386.rpm  
Fedora Core 3 (x86): l2tpd-0.69-11jdl.i386.rpm

my ipsec.conf

# /etc/ipsec.conf - Openswan IPsec configuration file
# RCSID $Id: ipsec.conf.in,v 1.15.2.2 2005/11/14
20:10:27 paul Exp $

# This file: 
/usr/share/doc/openswan/ipsec.conf-sample
#
# Manual:     ipsec.conf.5


version 2.0     # conforms to second version of
ipsec.conf specification
config setup
        interfaces=%defaultroute
        nat_traversal=yes
       
virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16

conn %default
        keyingtries=1
        compress=yes
        disablearrivalcheck=no
        authby=rsasig
        leftrsasigkey=%cert
        rightrsasigkey=%cert

conn roadwarrior-net
        leftsubnet=10.10.20.0/16
        also=roadwarrior

conn roadwarrior-all
        leftsubnet=0.0.0.0/0
        also=roadwarrior

conn roadwarrior
        left=%defaultroute
        leftcert=host.example.com.pem
        right=%any
        rightsubnet=vhost:%no,%priv
        auto=add
        pfs=yes

conn block
        auto=ignore

conn private
        auto=ignore

conn private-or-clear
        auto=ignore

conn clear-or-private
        auto=ignore

conn clear
        auto=ignore

conn packetdefault
        auto=ignore
-----------------------------------
also i use use the Certimport tool like and the import
whit mmc to but about time in the cliente i don't
checkit, i do that in one hour.

Tnakyou very much again

victor

--- Jacco de Leeuw <jacco2 at dds.nl> wrote:

> Date: Sat, 4 Mar 2006 23:28:24 +0100
> From: Jacco de Leeuw <jacco2 at dds.nl>
> To: users at openswan.org
> Subject: Re: [Openswan Users] please help, im new in
> this
> 
> On Sat, Mar 04, 2006 at 12:48:36PM -0800, victor
> nikiforenko wrote:
>  
> > i'm tring to setup my vpn betwen my home
> (cablemodem
> > 96k) and my office (adsl 256) whit ipsec-l2tp i
> use
> > initialy nate's document ipsec-l2tp but y recive
> error 786 
> 
> Are you sure you installed the machine certificate
> on the Windows client correctly? When in doubt, use
> the Certimport tool from Xelerance. 
> 
> > Mar  3 21:33:37 linux pluto[17967]:
> "roadwarrior"[7]
> > 200.116.31.216 #15: next payload type of ISAKMP
> Hash
> > Payload has an unknown value: 118
> 
> This is a bit odd. Is there really nothing doing
> NAT?
> Is there an MTU problem?
> 
> What version of Openswan are you using? What does
> your
> ipsec.conf file look like?
> 
> > also when i see certificates in windows givme a
> > message your certificate are expired or not valid
> 
> Is the internal clock set to a correct time on
> the client?
> 
> Jacco
> -- 
> Jacco de Leeuw            mailto:jacco2 at dds.nl
> Zaandam, The Netherlands  http://www.jacco2.dds.nl
> 


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com

More information about the Users mailing list